The Respondents are PrivacyProtect.org, Domain Admin, of the Netherlands, and Mark Sergijenko, of Harjumaa, Estonia (collectively, the Respondent).

2. The Domain Name and Registrar

The disputed domain name <xenicalbuy.com> is registered with EstDomains, Inc.

3. Procedural History

The Complaint (naming as Respondent “PrivacyProtect.org, Domain Admin”) was filed with the WIPO Arbitration and Mediation Center (the “Center”) on December 13, 2007. On December 17, 2007, the Center transmitted by email to EstDomains, Inc. a request for registrar verification in connection with the domain name at issue. On December 17, 2007, EstDomains, Inc. transmitted by email to the Center its verification response confirming that “PrivacyProtect.org, Domain Admin” is listed as the registrant and providing the contact details. The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2(a) and 4(a), the Center formally notified the Respondent of the Complaint, and the proceedings commenced on December 21, 2007.

The Center (in addition to notifying the Complaint by email to the registrant email address provided in the WhoIs and confirmed by the registrar, “contact@privacyprotect.org”) also sent a separate message through the “Contact Domain Name Owner” section of the Privacy Protect.org website alerting any recipient to the existence of the Complaint, and advising them to contact the Center as soon as possible if further information was required.

In accordance with the Rules, paragraph 5(a), the due date for Response was January 10, 2008. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on January 11, 2008.

The Center appointed Debrett G. Lyons as the sole panelist in this matter on January 25, 2008. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

On January 25, 2008, the Center received an apparently automated email from “Privacy.Protect.org” indicating that it provides a privacy service for registrants who do not wish to be contacted directly, but that it is possible to get in touch with the registrant by visiting the following link: “http://privacyprotect.org/#contact_domain_owner”.

The email also stated that this is the “only” way to get in touch with the registrant, and that “We do not accept any postal mail on behalf of the domain name owner and all mails sent to our address will be rejected”. The Center then visited the provided link, and in addition to the above-referred message sent previously to the “Contact Domain Name Owner Section”, submitted an on-line request through the “Request Domain Name Contact Information” section.

On February 7, 2008, the Center received an email from “PrivacyProtect.org”, indicating that it had received and reviewed the Complaint, and that it had “disabled the Privacy Protect service for the domain name, such that it now displays the putative contact details of the domain name holder”.

Following receipt of this email, the Center checked the WhoIs database, which indicated a change in registrant data consistent with the stated “disabling” of a privacy shield. Specifically, the WhoIs data listed the registrant as “Mark Sergijenko” and provided contact details differing from those of “PrivacyProtect.org”. On February 21, 2008, the Center received confirmation of those registrant and contact details from the Registrar, EstDomains, Inc.

The Center advised the Panel of the apparent change in registrant identity and contact information, and the Panel instructed the Center to issue a Panel Order to the parties and the registrar-disclosed contact information for Mark Sergijenko, in the following terms:

“The Panel notes that the Registrar has indicated on February 21, 2008, via the WIPO Arbitration and Mediation Center (“Center”), the Registrant of the disputed domain name as being “Mark Sergijenko”.

The Panel requests Mark Sergijenko to indicate to the Center no later than February 26, 2008, whether he intends to submit any response in this case. If no reply to this Order is received by the Center by this date, the Panel will proceed to render its Decision.”

The Panel Order was issued on February, 22, 2008. No reply was received.

4. Factual Background

The Complainant is a long established pharmaceutical company which now has a global business. The Complainant’s trademark XENICAL is registered in many countries. The earliest of those trademark registrations predates the date of registration of the disputed domain name by many years.

The trademark XENICAL is used in respect of a weight loss medication.

The Respondent registered the disputed domain name on November 9, 2007. The corresponding portal style website carries sponsored third party links including those to “diet” products and other pharmaceuticals.

The Complainant petitions the Panel to transfer the domain name to it.

5. Parties’ Contentions

A. Complainant

The Complainant submits that the disputed domain name is confusingly similar to the trademark XENICAL since it incorporates the whole of the trademark and merely adds the descriptive word, “buy”.

The Complainant argues that the Respondent has no rights or legitimate interests in the domain name. It alleges that there is no evidence of the Respondent’s use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services. The Respondent is not commonly known by the domain name and the Complainant has found nothing to indicate that the Respondent is making a legitimate non-commercial or fair use of the domain name.

The Complainant submits that the disputed domain name was registered and is being used in bad faith. In particular, the Complainant argues that the Respondent would have known of the Complainant’s trademark at the time it registered the disputed domain name and its subsequent use of the domain name shows that it is attempting to attract Internet users to the Respondent’s website by creating a likelihood of confusion with the Complainant’s trademark.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

It is the responsibility of the Panel to consider whether the requirements of the Policy have been met, regardless of the fact the Respondent failed to submit a reply. According to paragraph 4(a) of the Policy, the Complainant must prove that:

(i) the domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

(ii) the Respondent has no rights or legitimate interests in respect of the domain name; and

(iii) the domain name has been registered and is being used in bad faith.

Having considered the Complainant’s case and the available evidence, the Panel finds the following:

Preliminary Issue : Respondent Identity and Complaint Notification

An important preliminary issue in this case concerns the use of a privacy or proxy registration service, PrivacyProtect.org and the “disclosure” by it of an underlying registrant only after the proceedings had been formally commenced.

The Panel accepts that there may well be valid reasons for the use of a privacy or proxy registration service and that such services may be legitimately offered. Nevertheless, it is also important for the effective functioning of the Policy that there be a reliable and readily accessible means by which the holder or registrant of a domain name can be identified in the event of a domain name dispute. That is the purpose of the WhoIs database, which is the key source of information on registrant identity, and therefore respondent identity, in proceedings under the Policy.

The Center itself takes the added step to confirm the WhoIs-listed registrant information through the use of its registrar verification process. This provides an important means of confirming that the WhoIs registrant and contact information is up to date. Registrar verification is also necessary in order to obtain certain information (including contact details and mutual jurisdiction information) which is not typically accessible through the WhoIs, but which is nevertheless required in order to fulfill a provider’s administrative compliance and complaint notification obligations under the Policy and Rules. That verification procedure also provides registrars with an opportunity in so-called privacy or proxy service cases to disclose, should they wish and be in a position to do so, any record of an underlying domain name registrant prior to formal commencement of the proceedings.

The Panel notes that this would typically only apply in relation to privacy or proxy registration services which have some affiliation or take practical steps to ensure that they have established communications with the concerned registrar. The Center’s registrar verification requests are usually sent only to the listed registrar of record, and while the Center may elect in exceptional cases to copy other parties, the Panel for its part sees no basis on which the Center should be required at that stage to send such requests to a third party privacy or proxy registration service listed in the WhoIs which might, in the result, be confirmed as a respondent in the proceedings.

In cases where such a privacy or proxy registration service is confirmed by the concerned registrar as the registrant of record, and would therefore presumably receive formal notification by the Center of the complaint as a respondent, it would then be for that privacy or proxy registration service to make any submissions it may wish to make in relation to respondent identity or otherwise as soon as possible thereafter, and at least prior to the specified due date for submission of any response.

In this case, due to the relatively unusual steps stipulated by the privacy provider on its website, the Center sought to obtain registrant information from PrivacyProtect.org directly, by using its prescribed on-line mechanism and through that mechanism, also sought to communicate directly with the “real registrant”. Acting in that way, the Center has done everything possible to give the underlying registrant every opportunity to respond.

The Panel is of the view that even if the Center had not undertaken those additional steps and had proceeded on the assumption that the WhoIs-indicated and registrar-confirmed registrant and conduct details as they existed on the date of Complaint notification were those of the applicable registrant, then:

(a) to the extent necessary, that would have been sufficient for the purpose of ascertaining the nominal identity of the Respondent (i.e. the WhoIs-listed registrant) for the purpose of concluding the Center’s administrative compliance review of the Complaint; and

(b) provided that the Center notified the Complaint to the WhoIs-listed contact information as confirmed by the registrar, that would have been sufficient to satisfy the requirement in paragraph 2(a) of the Rules to employ reasonably available means calculated to achieve actual notice in the circumstances of this case.

The Panel further notes that whatever the merits of a privacy or proxy registration service, it will not do to substitute the name and contact information of such service for those of a claimed “true registrant” in the WhoIs database and then to later state that correspondence sent to those provided contact details will not be accepted. The Policy does not contemplate and should not be required to accommodate privacy or proxy registration services which require communications be made only through that service’s on-line mechanism. The proper purpose of such services should be to appropriately protect the privacy of a registrant, not to shield them from knowledge of proceedings to which they may be a party as a result of their own conduct. Such shielding would in effect undermine a registrant’s undertaking in its registration agreement to refrain from knowing infringement of trademark rights in a registered domain name. It would also fly in the face of a registrant’s promise that in the event of any conflict, it be bound by the ICANN-mandated UDRP.

There are limits to what can reasonably be done by parties and providers in order to identify an underlying registrant in the context of a Policy created to offer a flexible and accessible alternative to litigation. Put simply, WhoIs information must be usable for communication purposes in a Policy proceeding – even those provided by an entity claiming to be a privacy or proxy registration service – and if they are not, the registrant, whoever they may be, must expect to bear any consequences.

Nor indeed is it practical to expect that a party, provider or panel in an expedited UDRP proceeding should be, or indeed are, under an obligation to ‘pierce the veil’ on privacy or proxy registration services in order to identify what may be an underlying or beneficial owner of a domain name. Whatever a provider undertakes it is for the individual who chooses to use a privacy or proxy registration service, as it is for that privacy or proxy registration service itself, to ensure that there are procedures in place to ensure that any communications directed to the registrant of a domain name in the context of a UDRP dispute are brought to that registrant’s attention.

In the event that an underlying registrant wishes to have itself included as a respondent in a UDRP procedure, it is incumbent on that person to alert the parties and provider in a timely fashion. In the event that a privacy or proxy registration service wishes to have itself removed as a Respondent and to “disclose” the name and contact information of an underlying registrant, it is likewise incumbent on that entity to alert the parties and provider in a timely fashion. “Timely”, in this context, means after the Complaint is initiated but before the proceedings are formally commenced. The provider can then seek to verify this information with the registrar and, if it is verified, invite the Complainant to submit a corresponding amendment to the Complaint.

In the unfortunate case of disclosures made only after formal commencement, these should be made wherever possible at least prior to Panel appointment, rather than only after the Panel has commenced its deliberations.

In this case the Panel notes that “Privacy Protect.org, Domain Admin” was the WhoIs-listed registrant of the disputed domain name at the time the Complaint was filed. That had been confirmed by the Registrar at the time the Center completed its administrative compliance review and formally notified the Complaint. The Panel is accordingly satisfied that “Privacy Protect.org, Domain Admin” is an appropriate Respondent in this case. The fact that “Privacy Protect.org” appears to offer a privacy or proxy registration service does not alter that finding. If “PrivacyProtect.org” wished to disassociate itself from the registration of this domain name it should have done so earlier.

The Panel is further satisfied that the entity belatedly disclosed by PrivacyProtect.org as Mark Sergijenko, who has subsequently been confirmed by the registrar as the registrant and is now currently listed in the WhoIs database, is appropriately joined as Respondent in these proceedings.

The Panel finds that the Complaint was correctly notified by the Center. Moreover, the Panel finds that the claimed underlying registrant, Mr. Sergijenko, was in effect on notice at the time of formal commencement. This is so because the Center correctly notified the Complaint to the contact information provided for the listed registrant of record at that time (being PrivacyProtect.org). Furthermore, the Center took the additional step of seeking to notify Mr. Sergijenko directly through the communication mechanism which PrivacyProtect.org stated would enable direct communication with the “true” registrant of the domain name.

For avoidance of doubt, the Panel further ordered the above-referred Panel Order to be forwarded to the disclosed contact information for Mr. Sergijenko. No reply was forthcoming, and the Panel accordingly proceeds to its decision on the merits below.

Identical or Confusingly Similar

The Panel has no hesitation in finding that the disputed domain name is confusingly similar to a trademark in which the Complainant has rights.

Absent contest by the Respondent, the Panel accepts that the registered trademarks for XENICAL are valid and subsisting. The Complainant therefore has rights in the trademark.

For the purpose of comparison of the domain name with the mark, the gTLD, “.com”, can be ignored as trivial and so there only remains the comparison of “xenicalbuy” with the trademark XENICAL.

The Complainant referred the Panel to the Lilly ICOS LLC v. John Hopking / Neo netLtd.,WIPO Case No. D2005-0694, where it was said that “generally, a user of a mark may not avoid likely confusion by appropriating another’s entire mark and adding descriptive or non-distinctive matter to it”. That same thinking has been expressed by panelists in numerous other similar fact cases under the Policy, a great many of them involving popular selling pharmaceutical products, where a respondent has added descriptive or otherwise non-distinctive words to a complainant’s trademark.

Accordingly, the Panel finds that the Complainant has met the first requirement of the Policy.

Rights or Legitimate Interests

There is nothing to establish that the Respondent is known by the disputed domain name, or that the Respondent is using or has made demonstrable preparations to use the disputed domain name in connection with a bona fide offering of goods or services : Oki Data Americas, Inc. v. ASD, Inc.,
WIPO Case No. D2001-0903.

There is no suggestion that the Respondent is making legitimate noncommercial or fair use of the disputed domain names. On the contrary, the disputed domain name is currently being used to post sponsored links from which revenue is presumably derived, some of which resolve to websites appearing to offer a range of pharmaceutical products in competition with those of the Complainant.

The Panel finds that the Complainant has succeeded in making out a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name, and that the Respondent in failing to reply has not discharged the burden of rebuttal which fell to it as a result: See Do The Hustle, LLC v. Tropic Web,
WIPO Case No. D2000-0624.

The Panel therefore finds that the Complainant has satisfied what was required of it under Paragraph 4(a)(ii) of the Policy.

Registered and Used in Bad Faith

Paragraph 4(b) of the Policy sets out the circumstances which shall be evidence of the registration and use of a domain name in bad faith. These sets of circumstances are not exhaustive and other instances of bad faith might be in evidence however what is noteworthy about paragraphs 4(b)(i) – (iv) is that they have generally been interpreted as requiring both registration and use in bad faith. Sometimes, there will be evidence of use in bad faith or registration in bad faith. In any event, in order to succeed the Complainant would need to satisfy the Panel that both bad faith registration and use have been established, since the requirements of paragraph 4(a)(iii) of the Policy are conjunctive.

It is therefore logical to first test the facts against these given circumstances.

Paragraph 4(b)(iv) states:

“by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your website or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your website or location or of a product or service on your website or location.”

The Panel is of the view that the use of the disputed domain names falls squarely within paragraph 4(b)(iv) above. In the absence of evidence of any contrary intention, the inference can be drawn that the intention of the website was to intercept internet users and misdirect them to a site for commercial gain (see, for example, Red Bull GmbH v. Harold Gutch,
WIPO Case No. D2000-0766, in which the panel said “it is highly unlikely that the Respondent has selected the domain name without having knowledge of the Complainant’s use of his marks. He must not only have had the Complaint’s marks in mind when he registered the domain names but he must also have been aware of the deception and confusion that would inevitably follow if he uses the domain”).

The Panel further finds, separately, registration and use in bad faith for the reasons put forward by the Complainant, namely, that on the balance of the evidence, there is every likelihood that the Respondent knew the Complainant’s business and its trademark before it registered the disputed domain name and then used the name in bad faith by creating a corresponding portal style website carrying a host of third party commercial links, some of which appear to offer pharmaceutical products in competition with those of the Complainant.

The Panel therefore finds that the Complainant has also established this third limb of its case.

7. Decision

For all the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the domain name, <xenicalbuy.com>, be transferred to the Complainant.